YOU MIGHT THINK that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.
But researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage.
For their demo they use a standard drone from the Chinese firm DJI and a Samsung phone. Their smartphone app searches for open printer SSIDs and company SSIDs. From the SSIDs, the app can identify the name of the company they’re scanning as well as the printer model. It then poses as the printer and forces any nearby computers to connect to it instead of the real printer. Once a document is intercepted, which takes just seconds, the app can send it to an attacker’s Dropbox account using the phone’s 3G or 4G connection, and also send it on to the real printer so a victim wouldn’t know the document had been intercepted.